CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/27 5:7 p.m.•6 views

CVE-2026-46093

A flaw was found in the Linux kernel's memory management vmalloc subsystem. The decayvapoolnode function, when invoked concurrently from the shrinker path, lacks proper serialization. This oversight can lead to race conditions, potentially resulting in memory leaks and affecting system stability...

7.8CVSS5.8AI score0.00013EPSS

NVD•added 2026/05/27 2:17 p.m.•3 views

CVE-2026-46093

7.8CVSS0.00013EPSS

ATTACKERKB•added 2026/05/27 12:58 p.m.•4 views

CVE-2026-46093

5.7AI score0.00013EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/27 12:58 p.m.•12 views

CVE-2026-46093

CVE-2026-46093 affects the Linux kernel mm/vmalloc subsystem. The issue arises because decay_va_pool_node() can be invoked concurrently from two paths—the purge path and the shrinker path via vmap_node_shrink_scan—without proper serialization. This leads to races and potential memory leaks. The d...

7.8CVSS5.7AI score0.00013EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•3 views

PT-2026-43961

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap purge lock in shrinker decay va pool node can be invoked concurrently from two paths: purge vmap area lazy when pools are being purged, and the shrinker via vmap node shrink scan. However, decay va pool node...

5.7AI score0.00013EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...

5.5CVSS5.7AI score0.00015EPSS

RedhatCVE•added 2026/05/06 10:50 p.m.•2 views

CVE-2026-43237

A flaw was found in the Linux kernel's AMD GPU amdgpu driver. Incorrect management of graphics memory dmafence references within the amdgpugemvaioctl function can lead to a reference count underflow and a use-after-after-free condition. A local attacker could exploit this vulnerability to trigger...

7.8CVSS5.8AI score0.00013EPSS

Cvelist•added 2026/05/06 11:28 a.m.•29 views

CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...

7.8CVSS0.00013EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

5.5CVSS6.4AI score0.00018EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64: mm: fixed the sanity check for VA-range Both createmappingnoalloc and updatemappingprot perform sanity checks on their ‘virt’ parameter. However, the check itself doesn’t make much sense. The condition used today seems ...

6AI score0.00051EPSS

CVE•added 2026/05/01 2:14 p.m.•2 views

CVE-2026-31765

Summary: CVE-2026-31765 affects the Linux kernel AMDGPU driver. A mismatch between the reserved trap area (AMDGPU_VA_RESERVED_TRAP_SIZE) and the allocated KFD GPU memory on systems with 64KB pages can cause a kernel crash, including a NULL pointer dereference, when running certain GPU tests (e.g....

5.5CVSS5.8AI score0.00015EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/01 2:14 p.m.•1 views

EUVD-2026-26578

5.8AI score0.00015EPSS

Debian CVE•added 2026/05/01 2:14 p.m.•2 views

CVE-2026-31765

5.5CVSS5.7AI score0.00015EPSS

Exploits0

Vulnrichment•added 2026/04/05 8:45 p.m.•1 views

CVE-2019-25671 VA MAX 8.3.4 Remote Code Execution via changeip.php

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtueth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtueth0 field to...

8.8CVSS6.7AI score0.00474EPSS

Exploits0References2

RedhatCVE•added 2026/03/26 5:1 p.m.•0 views

CVE-2026-24969

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through = 1.0.1...

7.7CVSS5.8AI score0.00071EPSS

NVD•added 2026/03/25 5:16 p.m.•0 views

CVE-2026-24969

7.7CVSS0.00071EPSS

Vulnrichment•added 2026/03/25 4:14 p.m.•0 views

CVE-2026-24969 WordPress Instant VA theme <= 1.0.1 - Arbitrary File Deletion vulnerability

7.7CVSS5.8AI score0.00071EPSS

CVE•added 2026/03/25 4:14 p.m.•2 views

CVE-2026-24969

CVE-2026-24969 affects the WordPress Instant VA theme (designingmedia Instant VA) up to version 1.0.1 and is caused by improper limitation of a pathname to a restricted directory (Path Traversal). This can lead to arbitrary file deletion as described in multiple sources. The Red Hat/NVD entries c...

7.7CVSS5.8AI score0.00071EPSS

Cvelist•added 2026/03/25 4:14 p.m.•24 views

CVE-2026-24969 WordPress Instant VA theme <= 1.0.1 - Arbitrary File Deletion vulnerability

7.7CVSS0.00071EPSS